Foreword

The software industry has, on aggregate, made a great deal of progress securing software against attacks over the last ten or so years. But for many, any improvement has been small because of the piecemeal nature of their security efforts. There is always more to be done as attackers become savvier and, in many cases, more determined to compromise systems for malevolent gain. This ongoing arms race between attackers and defenders will only escalate as more devices are connected to the Internet. I say “devices” and not “computers” on purpose because we are seeing millions of smaller devices such as smartphones join the throngs of other systems that are already active Internet citizens. We’re seeing the rate at which software is developed for these smaller devices increase; development times are shrinking; software designers and developers are rushing their code to market and often forget some of the fundamental security disciplines required to build code that is robust in the face of attack. I use the term “forget” simply to be polite; in many cases, software development shops simply do not understand basic security principles.

Clearly, all software is subject to attack, and the only way to help produce software that is not only resilient to attack but also helps protect sensitive and private data is to update the current software development process with practices that infuse security and privacy discipline.

We need more people to understand how to secure their development processes and then apply those principles in practice.

And this is the book to help do that!

(ISC)² has published this very easy-to-read-and-understand book that can help anyone involved with software development, whether they design, build or test software, create more secure software by incorporating the principles of secure software development covered in this comprehensive book into their software development lifecycle.

But this book is not just teaching theory. This book can serve in a dual function — as an academic reference to those learning about software security, while at the same time as a very pragmatic reference to those hoping to improve their state of software security. The material that is covered in this book is proven and reflective of the author’s in-depth experience in helping many companies improve their overall software development processes to produce secure software. As the software assurance advisor for (ISC)², the author of this book, Mano Paul, has been an instrumental resource in the development of the Certified Secure Software Lifecycle Professional (CSSLP) credential.

To reiterate and summarize:

  • Most software is insecure.
  • Most software development shops can improve their processes to improve security.
  • This book covers what you need to know.
  • This book is a must-have for a prospective CSSLP candidate.

Michael Howard

Principal Security Program Manager, Microsoft

Author, Writing Secure Code
